
ASTM_E_2147_-_01_2013.pdf

Uploader: 益****师 Document ID: 170125 Upload date: 2023-03-04 Format: PDF Pages: 6 Size: 96.92KB
Resource description

Designation: E2147-01 (Reapproved 2013)

An American National Standard

Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems¹

This standard is issued under the fixed designation E2147; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

1. Scope

1.1 This specification is for the development and implementation of security audit/disclosure logs for health information. It specifies how to design an access audit log to record all access to patient identifiable information maintained in computer systems and includes principles for developing policies, procedures, and functions of health information logs to document all disclosure of health information to external users for use in manual and computer systems. The process of information disclosure and auditing should conform, where relevant, with the Privacy Act of 1974 (1).²

1.2 The first purpose of this specification is to define the nature, role, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide security oversight. In concert with organizational confidentiality and security policies and procedures, permanent audit logs can clearly identify all system application users who access patient identifiable information, record the nature of the patient information accessed, and maintain a permanent record of actions taken by the user. By providing a precise method for an organization to monitor and review who has accessed patient data, audit logs have the potential for more effective security oversight than traditional paper record environments. This specification will identify functionality needed for audit log management, the data to be recorded, and the use of audit logs as security and management tools by organizational managers.

1.3 In the absence of computerized logs, audit log principles can be implemented manually in the paper patient record environment with respect to permanently monitoring paper patient record access. Where the paper patient record and the computer-based patient record coexist in parallel, security oversight and access management should address both environments.

1.4 The second purpose of this specification is to identify principles for establishing a permanent record of disclosure of health information to external users and the data to be recorded in maintaining it. Security management of health information requires a comprehensive framework that incorporates mandates and criteria for disclosing patient health information found in federal and state laws, rules and regulations and ethical statements of professional conduct. Accountability for such a framework should be established through a set of standard principles that are applicable to all health care settings and health information systems.

1.5 Logs used to audit and oversee health information access and disclosure are the responsibility of each health care organization, data intermediary, data warehouse, clinical data repository, third party payer, agency, organization or corporation that maintains or provides, or has access to individually-identifiable data. Such logs are specified in and support policy on information access monitoring and are tied to disciplinary sanctions that satisfy legal, regulatory, accreditation and institutional mandates.

1.6 Organizations need to prescribe access requirements for aggregate data and to approve query tools that allow auditing capability, or design data repositories that limit inclusion of data that provide potential keys to identifiable data. Inferencing patient identifiable data through analysis of aggregate data that contains limited identifying data elements such as birth date, birth location, and family name, is possible using software that matches data elements across data bases. This allows a consistent approach to linking records into longitudinal cases for research purposes. Audit trails can be designed to work with applications which use these techniques if the query functions are part of a defined retrieval application but often standard query tools are not easily audited. This specification applies to the disclosure or transfer of health information (records) individually or in batches.

¹ This specification is under the jurisdiction of ASTM Committee E31 on Healthcare Informatics and is the direct responsibility of Subcommittee E31.25 on Healthcare Data Management, Security, Confidentiality, and Privacy. Current edition approved March 1, 2013. Published March 2013. Originally approved in 2001. Last previous edition approved in 2009 as E2147-01(2009). DOI: 10.1520/E2147-01R13.

² The boldface numbers in parentheses refer to the list of references at the end of this standard.

Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States

1.7 Thi
